Loading nixos/modules/services/security/oauth2-proxy.nix +16 −14 Original line number Diff line number Diff line Loading @@ -577,12 +577,15 @@ in users.groups.oauth2-proxy = {}; systemd.services.oauth2-proxy = { systemd.services.oauth2-proxy = let needsKeycloak = lib.elem cfg.provider ["keycloak" "keycloak-oidc"] && config.services.keycloak.enable; in { description = "OAuth2 Proxy"; path = [ cfg.package ]; wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; wants = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ]; after = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ]; serviceConfig = { User = "oauth2-proxy"; Loading @@ -591,6 +594,5 @@ in EnvironmentFile = lib.mkIf (cfg.keyFile != null) cfg.keyFile; }; }; }; } nixos/modules/services/web-apps/keycloak.nix +4 −1 Original line number Diff line number Diff line Loading @@ -466,7 +466,8 @@ in confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig); keycloakBuild = cfg.package.override { inherit confFile; plugins = cfg.package.enabledPlugins ++ cfg.plugins; plugins = cfg.package.enabledPlugins ++ cfg.plugins ++ (with cfg.package.plugins; [quarkus-systemd-notify quarkus-systemd-notify-deployment]); }; in mkIf cfg.enable Loading Loading @@ -638,6 +639,8 @@ in RuntimeDirectory = "keycloak"; RuntimeDirectoryMode = "0700"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; Type = "notify"; # Requires quarkus-systemd-notify plugin NotifyAccess = "all"; }; script = '' set -o errexit -o pipefail -o nounset -o errtrace Loading pkgs/servers/keycloak/all-plugins.nix +17 −1 Original line number Diff line number Diff line { callPackage }: { callPackage, fetchMavenArtifact }: { scim-for-keycloak = callPackage ./scim-for-keycloak {}; Loading 
@@ -6,4 +6,20 @@ keycloak-discord = callPackage ./keycloak-discord {}; keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {}; keycloak-restrict-client-auth = callPackage ./keycloak-restrict-client-auth {}; # These could theoretically be used by something other than Keycloak, but # there are no other quarkus apps in nixpkgs (as of 2023-08-21) quarkus-systemd-notify = (fetchMavenArtifact { groupId = "io.quarkiverse.systemd.notify"; artifactId = "quarkus-systemd-notify"; version = "1.0.1"; hash = "sha256-3I4j22jyIpokU4kdobkt6cDsALtxYFclA+DV+BqtmLY="; }).passthru.jar; quarkus-systemd-notify-deployment = (fetchMavenArtifact { groupId = "io.quarkiverse.systemd.notify"; artifactId = "quarkus-systemd-notify-deployment"; version = "1.0.1"; hash = "sha256-xHxzBxriSd/OU8gEcDG00VRkJYPYJDfAfPh/FkQe+zg="; }).passthru.jar; } Loading
nixos/modules/services/security/oauth2-proxy.nix +16 −14 Original line number Diff line number Diff line Loading @@ -577,12 +577,15 @@ in users.groups.oauth2-proxy = {}; systemd.services.oauth2-proxy = { systemd.services.oauth2-proxy = let needsKeycloak = lib.elem cfg.provider ["keycloak" "keycloak-oidc"] && config.services.keycloak.enable; in { description = "OAuth2 Proxy"; path = [ cfg.package ]; wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; wants = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ]; after = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ]; serviceConfig = { User = "oauth2-proxy"; Loading @@ -591,6 +594,5 @@ in EnvironmentFile = lib.mkIf (cfg.keyFile != null) cfg.keyFile; }; }; }; }
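Review bot: The new `needsKeycloak` binding in `systemd.services.oauth2-proxy` has no comment saying why the ordering exists or why `wants` was chosen over `requires`. It is true whenever the provider is a Keycloak variant and `config.services.keycloak.enable` is set, so it also applies when the proxy's issuer is a remote Keycloak and the local instance is unrelated; that looks harmless, but it is not obvious from the code. Because `wants` and `after` only order startup, the proxy still starts if keycloak.service fails. I would add above the binding: `# Start after a co-located Keycloak so provider discovery does not race its startup; Wants= (not Requires=) keeps the proxy independent if Keycloak fails`. The rest of the unit definition lies outside the hunk.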
nixos/modules/services/web-apps/keycloak.nix +4 −1 Original line number Diff line number Diff line Loading @@ -466,7 +466,8 @@ in confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig); keycloakBuild = cfg.package.override { inherit confFile; plugins = cfg.package.enabledPlugins ++ cfg.plugins; plugins = cfg.package.enabledPlugins ++ cfg.plugins ++ (with cfg.package.plugins; [quarkus-systemd-notify quarkus-systemd-notify-deployment]); }; in mkIf cfg.enable Loading Loading @@ -638,6 +639,8 @@ in RuntimeDirectory = "keycloak"; RuntimeDirectoryMode = "0700"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; Type = "notify"; # Requires quarkus-systemd-notify plugin NotifyAccess = "all"; }; script = '' set -o errexit -o pipefail -o nounset -o errtrace Loading
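Review bot: `NotifyAccess = "all"` in the second hunk lets every process in the unit's control group send readiness and status messages, which is wider than the `main` default that `Type = "notify"` would otherwise get, and the line carries no explanation. The reason is presumably that the JVM runs as a child of the `script` shell rather than as the unit's main PID, but the script body continues outside the hunk, so this cannot be confirmed here. If the script can end by `exec`-ing Keycloak, the setting could be dropped or narrowed; otherwise I would document it: `NotifyAccess = "all"; # JVM is a child of the start script, not the main PID`. Separately, the first hunk appends the two notify plugins unconditionally, and with `Type = "notify"` a build that never signals readiness will be killed at the start timeout, so a slow first start is worth testing.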
pkgs/servers/keycloak/all-plugins.nix +17 −1 Original line number Diff line number Diff line { callPackage }: { callPackage, fetchMavenArtifact }: { scim-for-keycloak = callPackage ./scim-for-keycloak {}; Loading @@ -6,4 +6,20 @@ keycloak-discord = callPackage ./keycloak-discord {}; keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {}; keycloak-restrict-client-auth = callPackage ./keycloak-restrict-client-auth {}; # These could theoretically be used by something other than Keycloak, but # there are no other quarkus apps in nixpkgs (as of 2023-08-21) quarkus-systemd-notify = (fetchMavenArtifact { groupId = "io.quarkiverse.systemd.notify"; artifactId = "quarkus-systemd-notify"; version = "1.0.1"; hash = "sha256-3I4j22jyIpokU4kdobkt6cDsALtxYFclA+DV+BqtmLY="; }).passthru.jar; quarkus-systemd-notify-deployment = (fetchMavenArtifact { groupId = "io.quarkiverse.systemd.notify"; artifactId = "quarkus-systemd-notify-deployment"; version = "1.0.1"; hash = "sha256-xHxzBxriSd/OU8gEcDG00VRkJYPYJDfAfPh/FkQe+zg="; }).passthru.jar; }
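Review bot: The two `fetchMavenArtifact` calls each repeat `version = "1.0.1"` and the `groupId`, so a later bump can update one jar and leave the runtime and deployment artifacts at different versions. Binding the shared values once would prevent that, for example `let notifyVersion = "1.0.1"; in` ahead of the attribute set and `version = notifyVersion;` in both calls. Both jars are prebuilt artifacts pinned by hash, which is good for integrity, but they now ship inside every Keycloak build. The existing comment could therefore also say that they are pulled in by the NixOS module for `Type = "notify"`, so whoever updates Keycloak knows to re-check them.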